Security Issues with Medical Devices

Hacked email is disappointing. In the majority of cases, though, change of password will solve the trouble. But what if the aim of hackers is a device, monitoring your health condition and measuring how many pills you are to take? This is much more serious problem. That’s why, security in the medicine should be treated with due diligence.

Why did medical devices become a goal of hackers attacks? It can be a simple act of practice and trouble-making or a way to steal personal data. Widespread reason for breaking medical devices in pharmaceutics is to get medicine that is impossible to purchase without prescription. Not so often hacking can be conducted on the political basis: to steal data for blackmailing. There are cases when a break of medical device can lead to the decline of patient’s state. For instance, in Austria there was a case of unauthorized access to the infusion pump leading to the reduction of anesthetic dose. As a result, two people on the outpatient treatment had pain-shooting problems.

The most vulnerable to these tendencies are technologically advanced countries, as they develop medical IT sphere. For example, it’s been estimated that UK economy loses 27 bn GBP per annum, according to Detica report. In the USA there was a breach of 80 million records database. The most frequent security crimes in the pharmaceutical and biotech spheres are connected with fake drugs, intellectual property losses and productivity losses. Cybercrimes are boosted by the development of Internet of Things, as well. Devices, being connected to the network, become weaker.

Security in the medical sphere was addressed on the 2015 hacker conference DerbyCon. 68,000 attempts of breaking medical devices were reported to take place only in the past 6 months. The most popular with hackers were MRI scanners and infusion pumps. Luckily, these were artificial devices to check the hackers behavior. But still, the issue remains urgent.

What measures can be taken to prevent the situation from becoming even worse.
1. The easiest step is to recognize the existing problem. Even the simplest measures can clead to improvement: changing default passwords, minimizing the number of people having access to the devices.
2. Personnel should be trained, so that security troubles could be timely solved.
3. Up-to-date security software can substantially improve the situation.
To sum up, security problems with medical devices should have been acknowledged long ago. Spreading this information can increase alarm in the medical society, making it not so easy to hack a device.